iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Dave Watson 30a7a7b04f tls: Stricter error checking in zerocopy sendmsg path 
commit 32da12216e467dea70a09cd7094c30779ce0f9db upstream.

In the zerocopy sendmsg() path, there are error checks to revert
the zerocopy if we get any error code.  syzkaller has discovered
that tls_push_record can return -ECONNRESET, which is fatal, and
happens after the point at which it is safe to revert the iter,
as we've already passed the memory to do_tcp_sendpages.

Previously this code could return -ENOMEM and we would want to
revert the iter, but AFAIK this no longer returns ENOMEM after
a447da7d004 ("tls: fix waitall behavior in tls_sw_recvmsg"),
so we fail for all error codes.

Reported-by: syzbot+c226690f7b3126c5ee04@syzkaller.appspotmail.com
Reported-by: syzbot+709f2810a6a05f11d4d3@syzkaller.appspotmail.com
Signed-off-by: Dave Watson <davejwatson@fb.com>
Fixes: 3c4d7559159b ("tls: kernel TLS support")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-22 14:28:49 +02:00
..
6lowpan
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
9p
9p/trans_virtio: discard zero-length reply
2018-02-22 15:42:30 +01:00
802
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
8021q
net: fix use-after-free in GRO with ESP
2018-07-22 14:28:44 +02:00
appletalk
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
atm
atm: Preserve value of skb->truesize when accounting to vcc
2018-07-22 14:28:43 +02:00
ax25
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
batman-adv
batman-adv: fix packet loss for broadcasted DHCP packets to a server
2018-05-30 07:52:19 +02:00
bluetooth
Bluetooth: Fix connection if directed advertising and privacy is used
2018-04-19 08:56:19 +02:00
bpf
bpf: Align packet data properly in program testing framework.
2017-05-02 11:46:28 -04:00
bridge
netfilter: ebtables: reject non-bridge targets
2018-07-22 14:28:49 +02:00
caif
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
can
can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
2018-01-23 19:58:17 +01:00
ceph
libceph, ceph: avoid memory leak when specifying same option several times
2018-05-30 07:52:04 +02:00
core
rtnetlink: validate attributes in do_setlink()
2018-06-11 22:49:22 +02:00
dcb
rtnetlink: make rtnl_register accept a flags parameter
2017-08-09 16:57:38 -07:00
dccp
net: dccp: switch rx_tstamp_last_feedback to monotonic clock
2018-07-22 14:28:44 +02:00
decnet
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
2018-02-25 11:07:52 +01:00
dns_resolver
KEYS: DNS: fix parsing multiple options
2018-07-22 14:28:49 +02:00
dsa
net: dsa: add error handling for pskb_trim_rcsum
2018-06-26 08:06:28 +08:00
ethernet
networking: make skb_push & __skb_push return void pointers
2017-06-16 11:48:40 -04:00
hsr
net/hsr: Check skb_put_padto() return value
2017-08-22 13:40:23 -07:00
ieee802154
ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
2018-03-31 18:10:40 +02:00
ife
net: sched: ife: check on metadata length
2018-04-29 11:33:13 +02:00
ipv4
tcp: prevent bogus FRTO undos with non-SACK flows
2018-07-22 14:28:47 +02:00
ipv6
net/tcp: Fix socket lookups with SO_BINDTODEVICE
2018-07-22 14:28:46 +02:00
ipx
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
iucv
net/iucv: Free memory obtained by kzalloc
2018-03-31 18:10:41 +02:00
kcm
kcm: Fix use-after-free caused by clonned sockets
2018-06-11 22:49:19 +02:00
key
af_key: Always verify length of provided sadb_key
2018-06-16 09:45:14 +02:00
l2tp
l2tp: revert "l2tp: fix missing print session offset info"
2018-05-19 10:20:27 +02:00
l3mdev
lapb
net, lapb: convert lapb_cb.refcnt from atomic_t to refcount_t
2017-07-04 22:35:16 +01:00
llc
llc: properly handle dev_queue_xmit() return value
2018-05-30 07:52:20 +02:00
mac80211
mac80211: use timeout from the AddBA response instead of the request
2018-06-21 04:02:55 +09:00
mac802154
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mpls
mpls, nospec: Sanitize array index in mpls_label_ok()
2018-02-22 15:42:28 +01:00
ncsi
net/ncsi: Fix length of GVI response packet
2017-10-21 01:56:38 +01:00
netfilter
netfilter: nf_queue: augment nfqa_cfg_policy
2018-07-17 11:39:32 +02:00
netlabel
netlabel: If PF_INET6, check sk_buff ip header version
2018-05-30 07:52:40 +02:00
netlink
netlink: fix uninit-value in netlink_sendmsg
2018-05-16 10:10:23 +02:00
netrom
net, netrom: convert nr_node.refcount from atomic_t to refcount_t
2017-07-04 22:35:17 +01:00
nfc
NFC: llcp: Limit size of SDP URI
2018-05-30 07:51:57 +02:00
nsh
nsh: fix infinite loop
2018-05-19 10:20:26 +02:00
openvswitch
openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
2018-05-19 10:20:24 +02:00
packet
net/packet: fix use-after-free
2018-07-22 14:28:46 +02:00
phonet
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
psample
MAINTAINERS: Update Yotam's E-mail
2017-11-01 12:19:03 +09:00
qrtr
qrtr: add MODULE_ALIAS macro to smd
2018-05-30 07:52:05 +02:00
rds
rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp
2018-06-21 04:02:48 +09:00
rfkill
rfkill: gpio: fix memory leak in probe error path
2018-05-16 10:10:26 +02:00
rose
rxrpc
rxrpc: Fix the min security level for kernel calls
2018-06-21 04:02:56 +09:00
sched
net_sched: blackhole: tell upper qdisc about dropped packets
2018-07-22 14:28:46 +02:00
sctp
sctp: not allow transport timeout value less than HZ/5 for hb_timer
2018-06-11 22:49:20 +02:00
smc
smc: fix sendpage() call
2018-06-21 04:02:53 +09:00
strparser
strparser: Remove early eaten to fix full tcp receive buffer stall
2018-07-22 14:28:47 +02:00
sunrpc
xprtrdma: Fix corner cases when handling device removal
2018-07-22 14:28:42 +02:00
switchdev
net: switchdev: Remove bridge bypass support from switchdev
2017-08-07 14:48:48 -07:00
tipc
tipc: eliminate KMSAN uninit-value in strcmp complaint
2018-06-21 04:02:56 +09:00
tls
tls: Stricter error checking in zerocopy sendmsg path
2018-07-22 14:28:49 +02:00
unix
License cleanup: add SPDX license identifiers to some files
2017-11-02 10:04:46 -07:00
vmw_vsock
VSOCK: fix loopback on big-endian systems
2018-07-22 14:28:47 +02:00
wimax
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
wireless
cfg80211: clear wep keys after disconnection
2018-05-30 07:51:58 +02:00
x25
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
xfrm
xfrm: Fix transport mode skb control buffer usage.
2018-05-30 07:52:19 +02:00
compat.c
net: support compat 64-bit time in {s,g}etsockopt
2018-05-19 10:20:24 +02:00
Kconfig
net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros.
2017-09-04 13:25:20 +02:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
socket.c
socket: close race condition between sock_close() and sockfs_setattr()
2018-06-26 08:06:28 +08:00
sysctl_net.c
sysctl: Remove dead register_sysctl_root
2017-04-16 23:42:49 -05:00